VYPR
Unrated severityNVD Advisory· Published Sep 12, 2008· Updated Jun 16, 2026

CVE-2008-3274

CVE-2008-3274

Description

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:redhat:enterprise_ipa:1.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:redhat:enterprise_ipa:1.0.0:*:*:*:*:*:*:*
    • (no CPE)range: <=1.0.0
  • Red Hat/Freeipa3 versions
    cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*range: <=1.1.0
    • cpe:2.3:a:redhat:freeipa:0.99:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:freeipa:1.0.0:*:*:*:*:*:*:*
  • Freeipa/Freeipallm-fuzzy
    Range: <1.1.1

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.